package com.liwbn.rbac.controller;

import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import com.liwbn.rbac.common.utils.IPUtil;
import com.liwbn.rbac.util.Md5Util;
import com.mysql.jdbc.StringUtils;

@Controller
public class LoginController {

    private static final Logger LOGGER = LoggerFactory
            .getLogger(LoginController.class);

    /**
     * 登陆页test--
     *
     * @return
     */
    @RequestMapping("/login")
    public String index() {
        Subject subject = SecurityUtils.getSubject();
        if (subject != null
                && (subject.isAuthenticated() || subject.isRemembered())) {
            // 防止已登录用户跳转到登陆页面
            return "redirect:/";
        }
        return "login";
    }

    /**
     * 登陆验证
     * 
     * @param userName
     * @param password
     * @return
     */
    @RequestMapping("/login/auth")
    @ResponseBody
    public String login(HttpServletRequest request, String userName,
            String password) {
        String[] strArr = new String[] {
                IPUtil.getIpAddr(request), userName, password
        };
        if (!StringUtils.isNullOrEmpty(userName)
                && !StringUtils.isNullOrEmpty(password)) {
            Subject subject = SecurityUtils.getSubject();
            if (!subject.isAuthenticated()) {
                password = Md5Util.MD5(password);
                UsernamePasswordToken token = new UsernamePasswordToken(
                        userName, password);
                try {
                    LOGGER.info("用户登录,userName:{},password:{},remeberMe:{}",
                            new Object[] {
                                    userName, password, true
                            });
                    token.setRememberMe(true);
                    subject.login(token);
                    return "100";
                } catch (UnknownAccountException e) {
                    LOGGER.error("用户名或密码错误!.{}.{}.{}", strArr);
                    return "101";
                } catch (LockedAccountException e) {
                    LOGGER.error("账号被锁定!.{}.{}.{}", strArr);
                    return "102";
                } catch (AuthenticationException e) {
                    StringBuilder stringBuilder = new StringBuilder(
                            "登陆失败!.{}.{}.{}.[").append(e.getMessage())
                                    .append("]");
                    LOGGER.error(stringBuilder.toString(), strArr);
                    return "103";
                }
            } else {
                LOGGER.info("登陆成功!.{}.{}.{}", strArr);
                return "100";
            }
        } else {
            LOGGER.error("用户名或密码为空!.{}.{}.{}", strArr);
        }
        return "102";
    }
}
